Having a strange issue. I need to create a RO account on every ESXi servers deployed via Powercli however using EsxCLI won't accept my password. But when using New-VMhostAccount connected directly to the host it works fine. I'm wanting to set this account during the build of the host which is automated via powercli so doing a connect-visever direct to the host in the middle my build script breaks my connection to the vcenter i'm building in, any ideas?
$Args = $esxcli.system.account.set.CreateArgs()
$Args.id = 'a_guard'
$Args.password = '@`[tNI\xUh7#&by\'
$Args.passwordconfirmation = '@`[tNI\xUh7#&by\'
Message: A specified parameter was not correct: argument;
At line:5 char:5
+ $result = $esxcli.system.account.set.invoke($Args)
+ CategoryInfo : OperationStopped: (:) , InvalidArgument
+ FullyQualifiedErrorId : VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidArgument
The password is causing this.
Could it be that your password is violating the complexity rules?
What is in Security.PasswordQualityControl?
Get-AdvancedSetting -Entity MyEsx -Name 'Security.PasswordQualityControl' |
Select -ExpandProperty Value
This for example works for me
$esxcli = Get-EsxCli -VMHost MyEsx -V2
$sAccount = $esxcli.system.account.add.CreateArgs()
$sAccount.Item('description') = 'Test account'
$sAccount.Item('password') = 'BlackFriday17!'
$sAccount.Item('passwordconfirmation') = 'BlackFriday17!'
$sAccount.Item('id') = 'a_guard'
Hi Luc, its a fresh install of ESXi 6.5update1 but what is more strange it works when using New-VMHostAccount
Get-Advancedsetting -Entity $esxiserver -Name 'Security.PasswordQualityControl' | Select -ExpandProperty Value
I would really like to set this via esxcli, do you think i could modify 'Security.PasswordQualityControl' to allow this then set it back to default.?
I know the account works with this password because it been set in the environment previously i believe it was created using host profiles, plus i can get it to work with New-VMHostAccount
Thnaks luc, can you think of any workaround other than change the password, unfortunately this password is mature in the environment so can't easily be changed and i was hoping to automate it.
I might put it in the auto deploy host profile that might work
Any chance a workaround was ever identified for this? I'm running 11.3.0 and am apparently hitting the same issue when setting an SNMP community string via PowerCLI.
Confirmed that removing the ampersand (&) from the string allows the command to continue. Also verified that setting via SSH the community string work, as does a direct PowerCLI connection and using get-vmhostsnmp | set-vmhostsnmp.